renderer: validate shader_type value

Fix found thanks to american fuzzy lop.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
macos/master
Marc-André Lureau 9 years ago committed by Dave Airlie
parent ddb49b5931
commit 775f5ed62a
  1. 3
      src/vrend_decode.c
  2. 5
      src/vrend_renderer.c

@ -898,6 +898,9 @@ static int vrend_decode_bind_sampler_states(struct vrend_decode_ctx *ctx, int le
if (length < 2) if (length < 2)
return EINVAL; return EINVAL;
if (shader_type >= PIPE_SHADER_TYPES)
return EINVAL;
vrend_bind_sampler_states(ctx->grctx, shader_type, start_slot, num_states, vrend_bind_sampler_states(ctx->grctx, shader_type, start_slot, num_states,
get_buf_ptr(ctx, VIRGL_BIND_SAMPLER_STATES_S0_HANDLE)); get_buf_ptr(ctx, VIRGL_BIND_SAMPLER_STATES_S0_HANDLE));
return 0; return 0;

@ -3407,6 +3407,11 @@ void vrend_bind_sampler_states(struct vrend_context *ctx,
int i; int i;
struct vrend_sampler_state *state; struct vrend_sampler_state *state;
if (shader_type >= PIPE_SHADER_TYPES) {
report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER, shader_type);
return;
}
ctx->sub->num_sampler_states[shader_type] = num_states; ctx->sub->num_sampler_states[shader_type] = num_states;
for (i = 0; i < num_states; i++) { for (i = 0; i < num_states; i++) {

Loading…
Cancel
Save